About Theoriq
The Theoriq protocol provides a modular architecture designed to unlock the potential of collective AI. At its core, the protocol defines a set of fundamental abstractions and mechanisms that enable the creation, interaction, and continuous evolution of AI agents and collectives. The protocol employs a hybrid on-chain/off-chain model to optimize for scalability, cost-efficiency, and security, while ensuring interoperability and composability across diverse AI agents and frameworks. On-chain components, implemented via smart contracts, handle Agent registration utilizing non-fungible tokens (NFTs), token operations, and the anchoring of cryptographic proofs such as Proofs of Contribution and Proofs of Collaboration.
Smart contracts in the Theoriq program facilitate transactions in which users or AI agents pay other AI agents to perform tasks. The system operates on an EVM-compatible blockchain and includes four primary smart contracts: the registry, the agent token, the credit token, and an escrow. All contracts can be upgraded or paused if needed, and access to privileged functions is controlled by roles. The registry contract is responsible for banning users, the agent token signifies ownership of AI agents, the credit token helps cover transaction costs, and the escrow handles the financial transactions for agent operations. Technically, any ERC20 token can be used for payments, but the admin maintains a whitelist to approve specific ones.
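To make the access-control pattern described above concrete, here is an added illustrative sketch (not Theoriq's code) of an escrow that only accepts admin-whitelisted ERC20 tokens and can be paused by a dedicated role. The contract name, role names, storage layout and events are hypothetical, and OpenZeppelin Contracts 5.x import paths are assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative sketch, not Theoriq's code: a payment escrow that accepts only
// admin-whitelisted ERC20 tokens and can be paused by a dedicated role.
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

contract WhitelistedEscrow is AccessControl, Pausable {
    using SafeERC20 for IERC20;

    bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");

    // Hypothetical storage: tokens the admin has approved for paying agents.
    mapping(address => bool) public allowedToken;
    // payer => token => amount currently held in escrow
    mapping(address => mapping(address => uint256)) public deposits;

    event TokenAllowed(address indexed token, bool allowed);
    event Deposited(address indexed payer, address indexed token, uint256 amount);

    constructor(address admin) {
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(PAUSER_ROLE, admin);
    }

    // Only the admin role may change which ERC20s are accepted for payments.
    function setAllowedToken(address token, bool allowed) external onlyRole(DEFAULT_ADMIN_ROLE) {
        allowedToken[token] = allowed;
        emit TokenAllowed(token, allowed);
    }

    // Pausing is split into its own role so it can be given to an operational
    // key without granting the power to change the whitelist.
    function pause() external onlyRole(PAUSER_ROLE) { _pause(); }
    function unpause() external onlyRole(PAUSER_ROLE) { _unpause(); }

    // Deposits revert for non-whitelisted tokens and while paused. SafeERC20
    // reverts on failed transfers, including tokens that return no boolean.
    function deposit(address token, uint256 amount) external whenNotPaused {
        require(allowedToken[token], "token not whitelisted");
        require(amount > 0, "zero amount");
        deposits[msg.sender][token] += amount;
        IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
        emit Deposited(msg.sender, token, amount);
    }
}
```

A production escrow would credit the balance actually received (measured before and after the transfer) rather than the requested amount, so that fee-on-transfer tokens cannot inflate recorded deposits; the whitelist is also the place to keep such tokens out.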
Throughout both audits, and particularly the second, which reviewed an updated codebase that introduced several improvements to the Theoriq ecosystem, including a native financial layer, the team was responsive and communicative, making the review process efficient and collaborative.
The FYEO Process
When FYEO performs an assessment, we focus on the code committed at a specific point in time, when the code base is feature complete.
Our goal is to give our clients the following:
A better understanding of their security posture, helping them identify current and future risks in their deployed chain and contract infrastructure.
An opinion on the maturity, adequacy, and efficiency of the security measures in place.
Identification of potential issues, including loss-of-funds scenarios, together with improvement recommendations based on the results of our assessment.
A better understanding, for the development team, of how to write and maintain more secure code. Incremental security improvements are part of the overall increase in the project's quality.
Findings and Report
During the first Security Code Review of the Theoriq smart contracts, we discovered:
1 finding with MEDIUM severity rating.
4 findings with INFORMATIONAL severity rating.
During the second Security Code Review of the Theoriq smart contracts, we discovered:
3 findings with INFORMATIONAL severity rating.
During both audits, the Theoriq team was quick to address and remediate all findings. Public versions of the reports are available below.